Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-j7p2-m4ff-pw4r/GHSA-j7p2-m4ff-pw4r.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j7p2-m4ff-pw4r",
-  "modified": "2024-04-03T18:30:40Z",
+  "modified": "2025-11-13T18:30:59Z",
   "published": "2024-03-06T12:30:29Z",
   "aliases": [
     "CVE-2024-2005"
   ],
-  "details": "\n\n\nIn Blue Planet®  products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
+  "details": "In Blue Planet®  products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2025/06/GHSA-628r-vvfw-fq42/GHSA-628r-vvfw-fq42.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-628r-vvfw-fq42",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50055"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix adminq error handling\n\niavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent\nmemory for VF mailbox.\nFree DMA regions for both ASQ and ARQ in case error happens during\nconfiguration of ASQ/ARQ registers.\nWithout this change it is possible to see when unloading interface:\n74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32]\nOne of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -37,7 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"

advisories/unreviewed/2025/06/GHSA-83wq-r7qc-p24w/GHSA-83wq-r7qc-p24w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83wq-r7qc-p24w",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50057"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix NULL deref in ntfs_update_mftmirr\n\nIf ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.\nCode should check this ptr before dereferencing. Syzbot hit this issue\nvia passing wrong mount param as can be seen from log below\n\nFail log:\nntfs3: Unknown parameter 'iochvrset'\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nCPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0\n...\nCall Trace:\n <TASK>\n put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463\n ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363\n put_fs_context+0x119/0x7a0 fs/fs_context.c:469\n do_new_mount+0x2b4/0xad0 fs/namespace.c:3044\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"

advisories/unreviewed/2025/06/GHSA-99r2-mp2r-q25r/GHSA-99r2-mp2r-q25r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-99r2-mp2r-q25r",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50059"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: don't leak snap_rwsem in handle_cap_grant\n\nWhen handle_cap_grant is called on an IMPORT op, then the snap_rwsem is\nheld and the function is expected to release it before returning. It\ncurrently fails to do that in all cases which could lead to a deadlock.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"

advisories/unreviewed/2025/06/GHSA-cmgf-5pg3-6xqr/GHSA-cmgf-5pg3-6xqr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cmgf-5pg3-6xqr",
-  "modified": "2025-06-18T12:30:46Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50061"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\"",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"

advisories/unreviewed/2025/06/GHSA-fff7-r5fr-892q/GHSA-fff7-r5fr-892q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fff7-r5fr-892q",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50053"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix reset error handling\n\nDo not call iavf_close in iavf_reset_task error handling. Doing so can\nlead to double call of napi_disable, which can lead to deadlock there.\nRemoving VF would lead to iavf_remove task being stuck, because it\nrequires crit_lock, which is held by iavf_close.\nCall iavf_disable_vf if reset fail, so that driver will clean up\nremaining invalid resources.\nDuring rapid VF resets, HW can fail to setup VF mailbox. Wrong\nerror handling can lead to iavf_remove being stuck with:\n[ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53\n...\n[ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds.\n[ 5267.189520]       Tainted: G S          E     5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.189764] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 5267.190062] task:repro.sh        state:D stack:    0 pid:11219 ppid:  8162 flags:0x00000000\n[ 5267.190347] Call Trace:\n[ 5267.190647]  <TASK>\n[ 5267.190927]  __schedule+0x460/0x9f0\n[ 5267.191264]  schedule+0x44/0xb0\n[ 5267.191563]  schedule_preempt_disabled+0x14/0x20\n[ 5267.191890]  __mutex_lock.isra.12+0x6e3/0xac0\n[ 5267.192237]  ? iavf_remove+0xf9/0x6c0 [iavf]\n[ 5267.192565]  iavf_remove+0x12a/0x6c0 [iavf]\n[ 5267.192911]  ? _raw_spin_unlock_irqrestore+0x1e/0x40\n[ 5267.193285]  pci_device_remove+0x36/0xb0\n[ 5267.193619]  device_release_driver_internal+0xc1/0x150\n[ 5267.193974]  pci_stop_bus_device+0x69/0x90\n[ 5267.194361]  pci_stop_and_remove_bus_device+0xe/0x20\n[ 5267.194735]  pci_iov_remove_virtfn+0xba/0x120\n[ 5267.195130]  sriov_disable+0x2f/0xe0\n[ 5267.195506]  ice_free_vfs+0x7d/0x2f0 [ice]\n[ 5267.196056]  ? pci_get_device+0x4f/0x70\n[ 5267.196496]  ice_sriov_configure+0x78/0x1a0 [ice]\n[ 5267.196995]  sriov_numvfs_store+0xfe/0x140\n[ 5267.197466]  kernfs_fop_write_iter+0x12e/0x1c0\n[ 5267.197918]  new_sync_write+0x10c/0x190\n[ 5267.198404]  vfs_write+0x24e/0x2d0\n[ 5267.198886]  ksys_write+0x5c/0xd0\n[ 5267.199367]  do_syscall_64+0x3a/0x80\n[ 5267.199827]  entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 5267.200317] RIP: 0033:0x7f5b381205c8\n[ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8\n[ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001\n[ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820\n[ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0\n[ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002\n[ 5267.206041]  </TASK>\n[ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks\n[ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S          E     5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019\n[ 5267.209623] Call Trace:\n[ 5267.210569]  <TASK>\n[ 5267.211480]  dump_stack_lvl+0x33/0x42\n[ 5267.212472]  panic+0x107/0x294\n[ 5267.213467]  watchdog.cold.8+0xc/0xbb\n[ 5267.214413]  ? proc_dohung_task_timeout_secs+0x30/0x30\n[ 5267.215511]  kthread+0xf4/0x120\n[ 5267.216459]  ? kthread_complete_and_exit+0x20/0x20\n[ 5267.217505]  ret_from_fork+0x22/0x30\n[ 5267.218459]  </TASK>",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:33Z"

advisories/unreviewed/2025/06/GHSA-jqmh-c8m4-4p58/GHSA-jqmh-c8m4-4p58.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jqmh-c8m4-4p58",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50062"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\n\nOn one of our machines we got:\n\nkernel BUG at lib/dynamic_queue_limits.c:27!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G        W  O    4.14.275-rt132 #1\nHardware name: BRCM XGS iProc\ntask: ee3415c0 task.stack: ee32a000\nPC is at dql_completed+0x168/0x178\nLR is at bgmac_poll+0x18c/0x6d8\npc : [<c03b9430>]    lr : [<c04b5a18>]    psr: 800a0313\nsp : ee32be14  ip : 000005ea  fp : 00000bd4\nr10: ee558500  r9 : c0116298  r8 : 00000002\nr7 : 00000000  r6 : ef128810  r5 : 01993267  r4 : 01993851\nr3 : ee558000  r2 : 000070e1  r1 : 00000bd4  r0 : ee52c180\nFlags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\nControl: 12c5387d  Table: 8e88c04a  DAC: 00000051\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\nStack: (0xee32be14 to 0xee32c000)\nbe00:                                              ee558520 ee52c100 ef128810\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\n[<c03b9430>] (dql_completed) from [<c04b5a18>] (bgmac_poll+0x18c/0x6d8)\n[<c04b5a18>] (bgmac_poll) from [<c0528744>] (net_rx_action+0x1c4/0x494)\n[<c0528744>] (net_rx_action) from [<c0124d3c>] (do_current_softirqs+0x1ec/0x43c)\n[<c0124d3c>] (do_current_softirqs) from [<c012500c>] (__local_bh_enable+0x80/0x98)\n[<c012500c>] (__local_bh_enable) from [<c016da14>] (irq_forced_thread_fn+0x84/0x98)\n[<c016da14>] (irq_forced_thread_fn) from [<c016dd14>] (irq_thread+0x118/0x1c0)\n[<c016dd14>] (irq_thread) from [<c013edcc>] (kthread+0x150/0x158)\n[<c013edcc>] (kthread) from [<c0108470>] (ret_from_fork+0x14/0x24)\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\n\nThe issue seems similar to commit 90b3b339364c (\"net: hisilicon: Fix a BUG\ntrigered by wrong bytes_compl\") and potentially introduced by commit\nb38c83dd0866 (\"bgmac: simplify tx ring index handling\").\n\nIf there is an RX interrupt between setting ring->end\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\ncan miscalculate the queue size while called from bgmac_poll().\n\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\nseems present in mainline too.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"

advisories/unreviewed/2025/06/GHSA-pxrj-jchh-722x/GHSA-pxrj-jchh-722x.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pxrj-jchh-722x",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50056"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix missing i_op in ntfs_read_mft\n\nThere is null pointer dereference because i_op == NULL.\nThe bug happens because we don't initialize i_op for records in $Extend.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"

advisories/unreviewed/2025/06/GHSA-q25w-pv7x-x34v/GHSA-q25w-pv7x-x34v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q25w-pv7x-x34v",
-  "modified": "2025-06-18T12:30:46Z",
+  "modified": "2025-11-13T18:31:01Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50064"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Avoid use-after-free on suspend/resume\n\nhctx->user_data is set to vq in virtblk_init_hctx().  However, vq is\nfreed on suspend and reallocated on resume.  So, hctx->user_data is\ninvalid after resume, and it will cause use-after-free accessing which\nwill result in the kernel crash something like below:\n\n[   22.428391] Call Trace:\n[   22.428899]  <TASK>\n[   22.429339]  virtqueue_add_split+0x3eb/0x620\n[   22.430035]  ? __blk_mq_alloc_requests+0x17f/0x2d0\n[   22.430789]  ? kvm_clock_get_cycles+0x14/0x30\n[   22.431496]  virtqueue_add_sgs+0xad/0xd0\n[   22.432108]  virtblk_add_req+0xe8/0x150\n[   22.432692]  virtio_queue_rqs+0xeb/0x210\n[   22.433330]  blk_mq_flush_plug_list+0x1b8/0x280\n[   22.434059]  __blk_flush_plug+0xe1/0x140\n[   22.434853]  blk_finish_plug+0x20/0x40\n[   22.435512]  read_pages+0x20a/0x2e0\n[   22.436063]  ? folio_add_lru+0x62/0xa0\n[   22.436652]  page_cache_ra_unbounded+0x112/0x160\n[   22.437365]  filemap_get_pages+0xe1/0x5b0\n[   22.437964]  ? context_to_sid+0x70/0x100\n[   22.438580]  ? sidtab_context_to_sid+0x32/0x400\n[   22.439979]  filemap_read+0xcd/0x3d0\n[   22.440917]  xfs_file_buffered_read+0x4a/0xc0\n[   22.441984]  xfs_file_read_iter+0x65/0xd0\n[   22.442970]  __kernel_read+0x160/0x2e0\n[   22.443921]  bprm_execve+0x21b/0x640\n[   22.444809]  do_execveat_common.isra.0+0x1a8/0x220\n[   22.446008]  __x64_sys_execve+0x2d/0x40\n[   22.446920]  do_syscall_64+0x37/0x90\n[   22.447773]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis patch fixes this issue by getting vq from vblk, and removes\nvirtblk_init_hctx().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:35Z"

advisories/unreviewed/2025/06/GHSA-q8cf-83hq-3865/GHSA-q8cf-83hq-3865.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q8cf-83hq-3865",
-  "modified": "2025-06-18T12:30:45Z",
+  "modified": "2025-11-13T18:31:00Z",
   "published": "2025-06-18T12:30:45Z",
   "aliases": [
     "CVE-2022-50058"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim_blk: set number of address spaces and virtqueue groups\n\nCommit bda324fd037a (\"vdpasim: control virtqueue support\") added two\nnew fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to\ninitialize them for vdpa_sim_blk.\n\nWhen creating a new vdpa_sim_blk device this causes the kernel\nto panic in this way:\n    $ vdpa dev add mgmtdev vdpasim_blk name blk0\n    BUG: kernel NULL pointer dereference, address: 0000000000000030\n    ...\n    RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]\n    ...\n    Call Trace:\n     <TASK>\n     vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]\n     vdpasim_map_range+0x91/0xd0 [vdpa_sim]\n     vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]\n     ...\n\nThis happens because vdpasim->iommu[0] is not initialized when\ndev_attr.nas is 0.\n\nLet's fix this issue by initializing both (nas, ngroups) to 1 for\nvdpa_sim_blk.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T11:15:34Z"